Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
3
Replies

VoIP phones in public rooms

Eric Lindsey
Level 1
Level 1

‎02-18-2014 04:04 PM - edited ‎03-18-2019 11:19 AM

We have been tasked with deploying VoIP phones in our patient rooms at our hospital. So far we have only deployed them internally. We do use voice vlans for each floor that gets ip phones. We have a Session Border Controller in our DMZ for users that have our IP phones at their homes. A few thoughts have come up about using port security on switch ports to lock down the MAC address on the port. But windows now allows users to change their MAC address without the need for spoofing software. Not to mention the calls we would get at 2:00 am when the staff replaces an ip phone. We could use some kind of ACL on the port but it would always be changing as we deploy more and more ip phones. So we are kind of stuck. Has anyone went through this type of deployment and how did you do it? Maybe an internal SBC? Thoughts???

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
3 Replies 3

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-18-2014 04:18 PM 

A few thoughts have come up about using port security on switch ports to lock down the MAC address on the port.

No need.  Just make sure the PC ports at the back of the phones are disabled or get the phones without the second port.

But this will not stop someone from unplugging the phone.  So you'll need to employ a cable lock, like the following:

http://www.panduit.com/wcs/Satellite?c=Page&childpagename=Panduit_Global%2FPG_Layout&cid=1345565612156&packedargs=classification_id%3D651%26locale%3Den_us&pagename=PG_Wrapper

http://www.panduit.com/wcs/Satellite?c=Page&childpagename=Panduit_Global%2FPG_Layout&cid=1345565612156&packedargs=classification_id%3D652%26locale%3Den_us&pagename=PG_Wrapper

Another method you could try to use is make sure that the port where the phones are in public do not have any data VLANs configured.

Trying to hardcode an IP address to a MAC address is not foolproof.  Anyone can spoof a MAC address and coding the values ain't easy.

0 Helpful

Eric Lindsey
Level 1
Level 1

‎02-18-2014 05:16 PM

Thanks for the reply. I looked at the lock but how does it stop them from unplugging the cable from the phone? Our phones are not mounted.

Sent from Cisco Technical Support iPhone App

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Eric Lindsey

‎02-18-2014 05:51 PM 

I looked at the lock but how does it stop them from unplugging the cable from the phone?

You lock both ends of the RJ-45.  Anyone who wants to steal the phone has to physically severe the cable.  And when they do this they'll come to realize that the phone is still un-usable.

Contact your nearest Panduit sales office and they'll send you a free sample.

0 Helpful
Customers Also Viewed These Support Documents